Project Glasswing pointed a frontier model at the world’s load-bearing software and came back with more than 10,000 high or critical vulnerabilities. 6,202 of them were in open source, spread across 1,000+ projects, at a 90.6% true-positive rate confirmed by independent firms. A 27-year-old hole in OpenBSD. A cert-forgery flaw in wolfSSL (CVE-2026-5194) sitting in billions of devices.

That is a staggering result. It is also the easy half. Finding just got cheap. Now someone has to fix all of it.

The Finding Side Collapsed

I’ve written about what Glasswing means for the security balance and how the capability already democratised down to tiny models. The short version: detection is no longer the constraint. A model can scan a thousand repos overnight and be right nine times out of ten.

The number that matters isn’t the 10,000 found. It’s the one downstream. Mozilla audited Firefox with a model in this class and then patched 271 vulnerabilities in Firefox 150 by hand, roughly ten times what the previous-generation scan surfaced in 148. The finder ran in a weekend. The fixing is still measured in engineer-months.

The Fixing Side Didn’t

A vulnerability report is not a fix. It’s the start of a queue that runs entirely at human speed:

  • Triage. Is it real? At a 90.6% true-positive rate, roughly one report in ten is noise, and nothing in the report tells you which one; you find out by spending triage time on it.
  • Ownership. Who owns this code? On a healthy team, a name. On a 27-year-old dependency, possibly nobody alive and reachable.
  • The patch. Write it without breaking the four other things that rely on the buggy behaviour.
  • Review, test, ship. The same release gauntlet every other change runs.
  • Backport. Across every supported version, each its own merge and test cycle.
  • Disclosure. Coordinate the embargo, file the CVE, time the announcement.
  • Upgrade. Wait, possibly years, for the world to actually deploy the fix.

Mozilla cleared 271 because Mozilla is well-resourced. Now picture the same model handing a solo maintainer fifty confirmed criticals on a Tuesday. The finding was free. The queue is not.

The Disclosure Flood

This is where it stops being abstract. We already watched agent-generated contributions DDoS open-source review. Glasswing is the security-grade version of the same wave: a firehose of legitimate, often correct vulnerability reports aimed at maintainers who cannot patch at machine speed.

A false bug report wastes an afternoon. A true one that nobody has the capacity to fix is worse: once it is disclosed, it’s a public clock counting down on software everyone depends on and no one is paid to defend.

Mythos release feels close. But the real story is not the model drop. It’s what happens after.

— Min Choi (@minchoi)

What This Doesn’t Solve

The honest counterweight, because “finding is cheap now” is mostly good news.

  • Cheap finding is still a gift. A 27-year-old bug caught is a 27-year-old bug that stops being a zero-day for whoever finds it next. The asymmetry favours defenders who can keep up.
  • Some fixes will automate too. The obvious next product is the auto-patcher, and for mechanical classes of bug it will work. But a model patching a model’s finding is not a closed loop: someone still has to confirm that the patch closes the hole without opening another, and that verification still lands on a human.
  • The 10% is a tax, not a rounding error. At Glasswing’s volume, a 9.4% false-positive rate on 10,000 reports is roughly 940 confident, wrong reports, each of which costs real triage time before it can be closed.
  • Attackers have the same finder. The disclosure clock isn’t theoretical. Once the capability is open, the race is between your patch queue and theirs.

A Backlog of Known Holes Is Its Own Risk

Ten thousand confirmed, unpatched vulnerabilities is not a clean bill of health. It’s a published map of where to attack, indexed by severity. Finding faster than you can fix doesn’t make you safer by default. It can make you a more legible target.

Closing

A few weeks ago I argued that agents merge but someone still has to ship. This is the same shape, drawn in security ink. The machine produces at a rate the human disposal layer was never built for, and the bill lands wherever the humans still are.

Agents find. Someone still has to patch. And right now there are roughly ten thousand reasons that someone is going to have a long year.